FCOS - Best way to run rsync with systemd timers to backup your data?

Hi Fedora community,

I am running a Fedora CoreOS instance and want to make sure to back up my data from /var/mnt/volume1, where I mounted a Hetzner volume.
Now the best way might be to use rsync to backup the data to some cloud provider.
But because of FCOS immutability rsync isn’t installed.
Should I build a systemd service to install rsync on every start and require it in my systemd timers/units? Or are there better more mature ways?
Right now I also have a systemd unit that runs once a week a podman container to run certbot renew. It probably pulls the certbot image only the first time, so it might also be feasible for doing the backups, but then I would have to bind with :z my whole volume. So other containers, which use this volume, couldn’t use :Z labeling on this volume anymore.

It’s also the first time i build a backup system. I’d be excited about any hints and tips of backup strategies I should consider.

You can run containers without SELinux isolation with security-opt=label=disable or something like that. This should let you run rsync from a container and have it backup anything that you give it access to via volume mounts.

See: --security-opt=option — Podman documentation

Note that rsync is not a backup tool, but a file sync tool. A backup tool provides a history, while rsync only efficiently copies the latest version from one place to another. If you accidentally delete or modify a file on the source, you cannot recover if rsync has already run. There are many backup programs, I personally like borg backup. If you like yaml configuration, you can use borgmatic to automate it. Or if you prefer a GUI, Vorta is available. All from the standard Fedora repository.